III. REMARKS 

Claims 1-22 were previously presented for prosecution. By this amendment, claims 1, 10 
and 17 have been amended, and claims 4, 13, 14 and 18 have been canceled. Subject matter 
from these claims has been incorporated into the respective independent claim. Previous claims 
1-4, 7-12, and 15-22 were rejected under 35 USC 102(a) as being anticipated by Gunter 
Ollmann's "Custom HTML Authentication - Best Practices on Securing Custom HTML 
Authentication Procedures," hereinafter "Ollmann." Claims 5, 6, 13 and 14 were rejected under 
35 USC 103(a) as being unpatentable over Ollmann in view of "Securing against Denial of 
Service Attacks (W3C)." Applicant respectfully traverses the above rejections for the following 
reasons. 

With regard to the rejection of claim 1, the Office continues to maintain that the feature 
"wherein a request is deemed improper if a message body associated with the request has a zero 
length," is taught by Ollmann. In the previous Office Action, the Office refers to pages 4-5 and 
page 8 for making such a teaching. As previously noted, pages 4-5 make no teaching regarding 
zero length objects. Page 8 refers to ensuring "that the content of the session ID is of the 
expected size and type." As already pointed out, a "session ID" is not the same as a "request." As 
such, claim 1 is clearly not anticipated by Ollmann. 

Claim 10 now recites "wherein a message is deemed improper if the message is neither 
an HTTP "post" nor an HTTP "get" command when one of these commands is expected, or the 
message includes a HTTP "post" or "get" command with unknown arguments." The Office 
previously alleged that this feature is taught on page 10 of W3C. In particular, the Office alleges 
that echo request and echo reply packets teach this feature. An echo request is an ICMP 
message whose data is expected to be received back in an echo reply ("pong"). Thus, the host 
must respond to all echo requests with an echo reply containing the exact data received in the 
request message (see, e.g., Wikipedia). Echo requests and replies are clearly not equivalents of 
HTTP post or get commands. As such, claim 10 is not anticipated. 

Claim 17 recites "means for responding to a first improper message from an identified 
source address with an HTTP error response; means for responding to a first predetermined 
number of subsequent improper messages from the identified source address with HTTP "OK" 
response codes; and means for stopping responses to the identified source address after a second 
predetermined number of subsequent improper messages have been received." In other words, 
this claim provides three responses to improper messages. The prior art, in part or in whole, fails 
to teach such an approach. 

Applicant respectfully submits that the application is in condition for allowance. If the 
Examiner believes that anything further is necessary to place the application in condition for 
allowance, the Examiner is requested to contact Applicant's undersigned representative at the 
telephone number listed below. 



Dated: 8/29/08 

Hoffman Warnick LLC 
75 State Street 
Albany, NY 12207 
(518) 449-0044 - Telephone 
(518) 449-0047 - Facsimile 



Respectfully submitted, 




Michael F. Hoffman 
Reg. No. 40,019 